Cyberattacks rely on the consumer and that’s a problem, says anti-fraud app’s CEO

In March 2016, John Podesta, the former chairman of Democratic candidate Hillary Clinton’s presidential campaign, was fooled into entering his password for his private Gmail account. And last week, ransomware cyberattacks again ravaged the globe, locking down files of major corporations and demanding they pay a ransom to unlock them. According to the CEO of an anti-fraud app, this is because cybersecurity places the onus on consumers to protect themselves – and that’s a problem.

Rodger Desai, the chief executive officer of New York startup Payfone, said that recent cyberattacks rely on individual consumers to operate. “Security today involves the consumer to secure themselves, and that’s the problem,” he told CNBC in a phone interview on Friday. “Whenever consumers are involved – and they’re always involved – people can socially engineer the consumer.”

“Security today involves the consumer to secure themselves, and that’s the problem,” he told CNBC in a phone interview on Friday. “Whenever consumers are involved – and they’re always involved – people can socially engineer the consumer.”

Desai heads the fintech firm Payfone, which uses automated customer identity authentication technology, to remove the need for using passcodes or security questions.

Tony C French | Getty Images

“There are so many ways in which cyberattacks are getting more sophisticated,” he added. “What we realized when we started the company is that these kind of attacks would grow. For example, if I wanted to reset my password with the bank and I’d forgotten it, they’re going to send my phone a code. That could be someone else.”

Last year, the malicious software “Pegasus” hacked into the phone of a human rights activist in the United Arab Emirates, forcing Apple to issue a critical software update to protect its users.

The startup’s technology verifies users’ SIM cards so that they are able to speak with customer-service representatives without having to enter passcodes or answer security questions.

Payfone’s boss told CNBC that the app could detect inconsistencies, such as unauthorized users attempting to access a mobile app or service. The company believes this will speed up the verification process for legitimate clients and businesses while preventing hackers and insurance fraudsters from accessing users’ phones.

Desai continued: “I think the key thing is removing the consumer from the security process. Cyberattacks will only escalate because the funding of them has gone from small-time criminals to organized gangs to state sponsorship and until we remove the consumer, they will never end.”

“Petya is a different kind of malware from WannaCry,” said Jonathan Care, fraud expert and research director at Gartner, in a blog post last week. “Common delivery methods are via phishing emails, or scams, however it seems increasingly likely that Petya uses an infected application update from a breached software vendor as its initial infection vector.”

In early June, Desai’s company was announced as the authentication provider for the peer-to-peer mobile payments network Zelle, which is backed by several big banks including Bank of America, Citibank, JPMorgan Chase and Wells Fargo.

Payfone unveiled its authentication technology at the Mobile World Congress, Shanghai, a conference which showcases new mobile technologies and products.